[Cryptography] canonicalizing unicode strings.

[John Levine]

In article <20180115161208.GA2547 at fedora-23-dvm> you write:
>If possible I always recommend using a whitelist rather than the blacklist
>approach shown above, which will inevitably get out of date as new unicode
>homoglyphs and near-homoglyphs get added to unicode.

I think the normal approach is to accept strings only in a single
script.  Mixed scripts are generally malicious in any sort of
identifier context.

R's,
John